Schengen Information System - NEMZETI ADATVÉDELMI ÉS INFORMÁCIÓSZABADSÁG HATÓSÁG

Which countries participate in the SIS?

Signatory states to the Convention Implementing the Schengen Agreement (CISA) may share information through the SIS.  Currently, most countries in Europe take part in the system except from the Republic of Ireland and the United Kingdom who take advantage of SIS as a law enforcement resource, Cyprus, Romania and Bulgaria.  Non-EU countries Iceland, Norway, Liechtenstein and Switzerland are full participants in the SIS, as they have lifted border controls between themselves and other Schengen zone states. (Romania and Bulgaria are currently in negotiations to join the Schengen area.)

Who is affected and what types of data are stored in the SIS?

The type of personal data stored in the Schengen Information System is defined by the Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second-generation Schengen Information System, and is collected in accordance with the relevant laws of member states, which in Hungary are: Act CLXXXI of 2012 on the exchange of information in the framework of the second-generation Schengen Information System and the Government Decree No. 15/2013. (28/I) on the detailed procedures of the exchange of information in the framework of the second-generation Schengen Information System.

Member states may only collect data on:

• persons wanted for arrest in surrender or extradition procedure
  

• non-nationals for whom an alert has been issued for the purpose of refusing entry into the Schengen area
  

• missing persons, persons who need to be placed under protection
  

• witnesses or persons summoned to appear before judicial authorities in connection with a criminal matter, or those who are to be served with a criminal judgment or custodial sentence
  

• persons under discreet surveillance or specific checks
  

• documents, vehicles other objects specified in the legislation (firearms, boats, and identity documents), which are to be seized or used as evidence
  

It should be noted that personal data in the SIS may not pertain to one’s racial background, political, religious or other beliefs, health status or sex life.


On 9 th April 2013 a more up-to date system, called SISII offering additional functionalities entered into operation. Data on persons stored in the SIS II are the data necessary to locate a person and confirm his/her identity (including newly a picture and fingerprints) as well as relevant information about the alert (including the action to be taken). Fingerprints may also be used to identify a third-country national on the basis of the biometric identifier. With this additional functionalities SIS II will enhance the exchange of information for certain categories of persons & objects between national border control, police, customs, visa, immigration, judicial and vehicle registration authorities (as well  as Europol and Eurojust) in the Schengen Area, increasing security and facilitating free movement.

New functionalities of the SIS II:

• Enhanced alerts on persons and objects: persons, vehicles, firearms, issued documents, blank documents, bank notes.
  

• New categories of alerts: stolen aircrafts, boats, boat engines, containers, industrial equipment, securities and means of payment.
  

• Direct queries in the central system.
  

• Linking of alerts on persons, objects & vehicles (e.g.: alert on a person and a vehicle).
  

• Biometric data (fingerprints and a photograph).
  

• European Arrest Warrant attached directly to alert for persons wanted for arrest for surrender or extradition.
  

• Information on misused identity preventing the misidentification.
  

• Notations regarding specific objects may be made in the SIS, provided such items were forfeited or presented as evidence in criminal proceedings.  Alerts may concern lost, stolen, misappropriated or invalidated
  

Who may use SIS data within participating states?

Each member state submits a list of competent institutions which are authorized to use data stored in the SIS to an EU Commission executive committee.  The system can be accessed locally by a variety of approved authorities.  Access is instant and direct.

Police, for example, may obtain SIS information for the purpose of protecting the legal order, national security or during the course of a criminal investigation.

Data that pertains to a refusal of entry into the Shengen zone, as well as specified types of lost, stolen or misappropriated goods may be accessed by:

• authorities responsible for issuing visas
  

• central authorities responsible for examining visa applications
  

• authorities responsible for issuing residence permits
  

• authorities responsible for the administration of legislation on aliens
  

Institutions in member states who are responsible for the issuance of vehicle registration certificates may also have access to data on stolen, misappropriated or invalidated vehicle registration certificates and license plates.  

Your Data Protection Rights and the SIS

In order to understand your data protection rights vis-à-vis the SIS, it helps to understand the various institutions involved in its implementation.  

The European Data Protection Supervisor shall check that the personal data processing activities in the eu-LISA are carried out lawfully and ensure that an audit of the eu-LISA's personal data processing activities is carried out in accordance with international audit standards at least every four years.  

The National Supervisory Authorities and the European Data Protection Supervisor shall cooperate actively and ensure coordinated supervision of SIS II. They shall meet at least twice a year. For the sake of transparency, a join t report of activities shall be sent to the European Parliament, the Council and eu-LISA every two years.

At the national level each signatory nation has a data protection authority that is tasked with the oversight of national data control issues.  In Hungary, the independent office of the National Authority for Data Protection and Freedom of Information (http://naih.hu/) performs this function.

In agreement with EU and Hungarian laws, each person has the right to:

• access SIS-stored information related to the person
  

• request that inaccurate or false data is corrected
  

• request the removal of its unlawfully processed data
  

• turn to the courts or another competent authority to request the correction or removal of inaccurate data or petition for compensatory damages
  

Relief for infractions of any of the above-mentioned laws may be pursued in each Schengen member state.  Questions regarding the legality of collected data are reviewed according to the laws of the member state where the complaint has been brought.  If the data concerned was recorded by another member state, the two states will closely collaborate to consider any legal issues.

In Hungary, anyone who is interested in knowing whether or not their data has been recorded in the SIS, or wishes to correct or have inaccurate data deleted should contact  any government office, police station or any Hungarian Embassy or Consulate and fill in a request for information form which is transferred to the SIRENE Bureau of the Hungarian National Police Headquarters.

The Bureau has the right to refuse requests but is obliged to inform the person about the fact of and the reason for denial. Should you find that the SIRENE Bureau is not adequately responsive to your request, you then may turn to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):

Nemzeti Adatvédelmi és Információszabadság Hatóság
Postal address: 1530 Budapest, Pf.: 5.
Office address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Tel: +36 1 391-1400
Fax: +36 1 391-1410
Email: ugyfelszolgalat@naih.hu
Web: http://naih.hu

Form for requesting information on the basis of Art. 26 of the Act CLXXXI of 2012 on the exchange of information in the framework of the second-generation Schengen Information System